851f3f8ea378a611f5a7b1171717f3ea5660f7a27ad0d5c34ab2a0414fafbcf1

Analysis

max time kernel
99s
max time network
614s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
18/09/2024, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tasker.ver.6.3.13.build.5395.apk
Size

36.8MB
MD5

e44093c41d157e1e2c761d4a63b3515c
SHA1

3a38c12467834fc155c755090573bf67d205dbf5
SHA256

851f3f8ea378a611f5a7b1171717f3ea5660f7a27ad0d5c34ab2a0414fafbcf1
SHA512

4bc640be5addebb4ad1189f2efedb322328b4094c9d0565597b20a9f4642891014305d354cb385c5bf6acd1ba36eac0c997354ad25b51d4155e1e8164b69a1c7
SSDEEP

786432:Ie8y4HOQKcAm6qRrHPwCQ7X+j7P3AAUs7i2IRSPzOd8R8USMnU:IeCHJN1Po07PQALe2I4Pzs8RxSh

Score

7^/10

collection credential_access evasion impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	net.dinglisch.android.taskerm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.dinglisch.android.taskerm

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	net.dinglisch.android.taskerm

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.dinglisch.android.taskerm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.dinglisch.android.taskerm

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	net.dinglisch.android.taskerm

net.dinglisch.android.taskerm
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4366

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.dinglisch.android.taskerm/files/profileInstalled

Filesize
24B

MD5
ab625baf459f9e866c5862f694b383b5

SHA1
349722aa9b60663b5456f0c9fe2b2a278ff8ceea

SHA256
1f4f76351d44da0d9010f3a00414eab5563738a1b6a93487c7a74d893707ed76

SHA512
ab635fef34d146462af4a730c3eb1c39e89de41f39092bd0919b4b5fad7db9203575f7d5b697a599eecf0fb3123f7a827b4a73fb61a3304bcb7e2d029579515b

Download Submit
/data/data/net.dinglisch.android.taskerm/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7d773964c2310e766504cf2b9f6090b5

SHA1
66e371a3caa93bed8ec6310a636c50ab20b7d624

SHA256
316dacc8c4579a42f50de30af17a173edfeb6730ef3de52c696033366fd83725

SHA512
9479df7444b435001436282357471559e7623113aff216749460bab6856e9a3688c8d428e02eb7043593136f1aa7440fd1fcd3e22c44fe6d075e592ba37f1134

Download Submit
/data/misc/profiles/cur/0/net.dinglisch.android.taskerm/primary.prof

Filesize
10KB

MD5
9a9fc6e35d585160df474c02df561c69

SHA1
5be7a71b6e72f32fde78f6bfcea3b8d40987f784

SHA256
a3f82fc3126500cc9df6f7bc32f6a9b5387013a8e3effd233966b15476de9e5c

SHA512
47a8d4e313c005133cd70b886aff03591b81f54dc111b2a0d5980f6099264f864cdefd04867a2f4f61c457d64f6be7976110183de55e78680f0d925eed94cbd9

Download Submit
/data/misc/profiles/cur/0/net.dinglisch.android.taskerm/primary.prof

Filesize
20KB

MD5
792093081c75d22b1d584f46af56489b

SHA1
66a93253526d4845ce8b2bc7bcb074111b4f8445

SHA256
9e750b6fc87c65c7d9402c1ea56f134bd2bba39d478159456a2563f3f2c750c1

SHA512
08ef87627b73fbf89482154d97fb42993e945655f2180ac4bc38ee5567e958631b9c142a36aa14fafb7a09ba9288ab366e3a1fed5bb97ac31df75ae18d93f6ab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads